Another new case of malware in the Google Play Store.
An investigation carried out by the company specializing in cybersecurity avast has discovered a new attack of advertising fraud – another – hidden in about 50 games distributed through the Google Play Store. The games had managed to graze a number of downloads that far exceeded 15 million in total, as some of them accumulated more than 1 million installations through the store.
Apparently, the attack was mainly aimed at infecting the devices of users living in countries in Asia and Latin America, and the most affected were Brazil, India, Turkey, Argentina and Mexico. However, the presence on Google Play caused the games to end up being installed on thousands of devices around the world.
Today, Google has already removed all infected games following Avast’s notice. However, it is very possible that some of the affected users will still have malware installed on their devices.
Through research conducted by Avast, it was discovered that the 47 games that were part of this attack they contained code that violated Google Play’s advertising and spam policies. The vast majority had been published under different developer profiles so as not to raise suspicions, and they had been present in the Google Play Store since the beginning of May.
According to researchers, to carry out this attack campaign, the games would have been posted on Google Play hiding their true purpose, Or by introducing malicious code through incremental updates that would arrive once users had already installed the games on their devices. From that moment on, they began to show intrusive ads difficult to remove, In addition to proceeding to hide the application icon and make it difficult to uninstall. In the table below these lines, it is possible to see some of the games infected with malicious code, which were removed from Google Play after the warning by the researchers:
|Draw Color by Number||1,000,000|
|skate Board – New||1,000,000|
|Find Hidden Differences||1,000,000|
|Spot Hidden Differences||500,000|
|Dancing Run – Color Ball Run||500,000|
|Find 5 Differences||500,000|
|Throw into Space||500,000|
|Divide It – Cut & Slice Game||500,000|
|Tony Shoot – NEW||500,000|
|Save Your Boy||500,000|
|Assassin Hunter 2020||500,000|
|Fly Skater 2020||500,000|
By studying the operation of malware, it was discovered how some of the apps do serve their purpose, Giving users the ability to play the first levels. To do this, once the app was installed, a ten-minute counter was started that allowed the user play during this time before carrying out his malicious tasks. If you keep your mobile unlocked, the counter would restart to allow the user to keep playing and not raise suspicions.
Once the necessary circumstances were given to allow the game to carry out its true task, in the first place the main activity of the game was deactivated, Removing the app drawer icon. From that moment on, it began to display intrusive ads in full screen, as well as in banners and notifications.
After a first warning, Google was able to remove 30 of the malicious applications from the Google Play Store. Later, the rest of the apps involved in this campaign were removed. From Avast, we are offered one sheet with all infected games by this Trojan.
Related topics: Games